GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,967; Erlang 29; GitHub Actions 16; Go 1,748; Maven 4,978; npm 3,509; NuGet 609; pip 3,075; Pub 10; RubyGems 832; Rust 781; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
1,078 advisories match the severity filter (all entries listed below are rated Low):
Title | Severity | Advisory ID | Package (ecosystem) | Published
Reflected cross-site scripting in development mode handler in Vaadin | Low | GHSA-8vfw-v2jv-9hwc | com.vaadin:flow-server (Maven) | Jun 28, 2021
devices resource list treated as a blacklist by default | Low | GHSA-g54h-m393-cpwq | github.com/opencontainers/runc (Go) | Dec 20, 2021
ERC1155Supply vulnerability in OpenZeppelin Contracts | Low | GHSA-wmpv-c2jp-j2xg | @openzeppelin/contracts (npm) | Nov 15, 2021
MD5 hash support in github.com/foxcpp/maddy | Low | GHSA-qh54-9vc5-m9fg | github.com/foxcpp/maddy (Go) | Oct 12, 2021
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) | Low | CVE-2020-13788 | github.com/goharbor/harbor (Go) | Feb 11, 2022
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | Low | GHSA-3h5r-928v-mxhh | com.vaadin:vaadin-bom (Maven) | Apr 19, 2021
User enumeration in authentication mechanisms | Low | GHSA-g2qj-pmxm-9f8f | symfony/security-http (Composer) | May 17, 2021
CSRF Vuln can expose user's QRcode | Low | GHSA-fxq4-r6mr-9x64 | Flask-Security-Too (pip) | Apr 8, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy | Low | CVE-2021-21291 | github.com/oauth2-proxy/oauth2-proxy (Go) | May 25, 2021
Import loops in account imports, nats-server DoS | Low | GHSA-gwj5-3vfq-q992 | github.com/nats-io/nats-server/v2 (Go) | May 21, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Server is run with `--auth-mode=client` | Low | GHSA-prqf-xr2j-xf65 | github.com/argoproj/argo-workflows/v3 (Go) | Aug 23, 2021
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode | Low | GHSA-xh2p-7p87-fhgh | @liquity/contracts (npm) | Aug 5, 2021
Creation of order credits was not validated by acl in admin orders | Low | GHSA-g7w8-pp9w-7p32 | shopware/core (Composer) | Jun 28, 2021
Generation of fake documents via public GET-call | Low | GHSA-jvg4-9rc2-wvcr | shopware/platform (Composer) | Feb 10, 2021
accounts: Hash account number using Salt | Low | GHSA-g636-q5fc-4pr7 | github.com/moov-io/customers (Go) | May 24, 2021
A failed upgrade may lead to hung goroutines | Low | GHSA-gmq2-39ff-f5qg | github.com/cloudflare/tableflip (Go) | May 21, 2021
Discovery uses the same AES/GCM Nonce throughout the session | Low | GHSA-w3hj-wr2q-x83g | tech.pegasys.discovery:discovery (Maven) | Apr 6, 2021
Open Redirect in Flask-Security-Too | Low | GHSA-gxjj-f44v-qm94 | Flask-Security-Too (pip) | Dec 14, 2021 (withdrawn)
Blog comment posting, Cross Site Scripting (XSS) Vulnerability in Latest Release 4.4.0 | Low | CVE-2020-15276 | baserproject/basercms (Composer) | Oct 30, 2020
CLI does not correctly implement strict mode | Low | GHSA-2xwp-m7mq-7q3r | aws-encryption-sdk-cli (pip) | Oct 28, 2020
Stored XSS by authenticated backend user with access to upload files | Low | CVE-2020-15249 | october/backend (Composer) | Nov 23, 2020
Ciphertext Malleability Issue in Tink Java | Low | CVE-2020-8929 | com.google.crypto.tink:tink (Maven) | Oct 16, 2020
Denial of Service via Cache Flooding | Low | GHSA-p68v-frgx-4rjp | shopware/core (Composer) | Oct 19, 2020
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration | Low | GHSA-f366-4rvv-95x2 | cryptoauthlib (pip) | Oct 2, 2020
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption | Low | GHSA-375m-5fvv-xq23 | vyper (pip) | Apr 19, 2021
Advisories are also available from the GraphQL API.